Cloud Management: SSL
Sensitive data transmitted to and from your Moovweb project should be secured with SSL. SSL (Secure Sockets Layer), also known as TLS (Transport Layer Security), is a cryptographic protocol for communicating securely over the Internet. SSL provides end-to-end data encryption and data integrity for all web requests.
When users visit secure domains that are set up on the Moovweb Cloud, an SSL certificate is needed. SSL certificates should be provisioned for all secure data that may pass through Moovweb.
SSL on Moovweb Overview
The Moovweb Control Center allows system administrators to manage SSL certificates used by projects that deliver endpoint experiences for domains that make use of HTTPS. System administrators can find the following features built for SSL management:
- SSL Certificate pro-active management: The Moovweb Control Center displays the status of all the SSL certificates as well as the remaining days until expiration.
- Notifications: Notifications are automatically sent via email when specific actions to manage SSL certificates are needed.
- Self-service certificate upload: Upload, renew or access SSL certificate information from a central location in the system.
- SSL SAN certificate support: SSL SAN certificates are often used by large organizations to secure multiple domains with a single certificate instead of multiple certificates. Customers can use this type of certificate across multiple Moovweb projects.
Setting up SSL certificates in Moovweb
To begin, access the Control Center’s domain and SSL configuration page under the project settings. In the domains section you can see all the domains that are transformed by Moovweb. You can configure SSL certificates for each or all domains associated with this project.
Go to the SSL certificate wizard by clicking the Configure button that appears next to the list of domains.
If the “Configure” button is not displayed, your project needs to be enabled for production. Please submit a ticket at our help center.
Then follow the steps outlined in the Control Center’s SSL summary page. There are three steps to finish the SSL setup flow. First click Generate CSR.
In this step, you need to select the domains that are secured by the SSL certificate. If you are building projects that use separate domains, you can also select them as long as your account has access to these projects.
You will also need to enter your company information. Once you have finished, click the “Generate” button to generate a Certificate Signing Request (CSR).
If the CSR is generated successfully, you can proceed to the next step: Upload Certificate. The certificate is provided by a third party. You will need to create an SSL Key and Certificate and upload them back into our system in order to complete the process. Once you have a certificate, you can upload it to Moovweb in the Control Center.
During project development that requires testing on the Moovweb cloud, organizations could use self-signed certificates to run end-to-end testing. You may use a self-signed certificate for staging environments but be sure to install a valid production certificate when going live.
You need to generate an SSL certificate in X.509 format at a minimum level of EV. There are a number of places you can get an SSL certificate, including:
After uploading the certificates you need to confirm that all the information is accurate. Moovweb will then provision the certificate and present you with the current status of certificates throughout the process.
The last step is Upload Intermediate Certificate. Intermediate Certificates establish a chain of trust from the Host-Specific SSL Certificate you provided to a trusted Root Certificate that is bundled with the browser your users use to visit your site. You need to upload the certificates in the correct order.
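The ordering requirement can be checked locally before uploading. The script below is an added example, not Moovweb code: it assumes the usual TLS ordering (host certificate first, then each intermediate followed by the certificate that issued it), and the function names and the throwaway demo PKI are constructed for illustration.

```shell
#!/bin/sh
# Added example: check that LEAF.pem followed by INTERMEDIATES.pem forms an
# ordered chain, i.e. each certificate's issuer name equals the subject name
# of the certificate that follows it. Name chaining only; signatures and
# expiry are not checked here.
check_chain_order() {  # usage: check_chain_order LEAF.pem INTERMEDIATES.pem
  tmp=$(mktemp -d) || return 2
  # Split the concatenated PEM data into one file per certificate: c1.pem, c2.pem, ...
  cat "$1" "$2" | awk -v d="$tmp" \
    '/-----BEGIN CERTIFICATE-----/{n++} n{print > (d "/c" n ".pem")}'
  i=1 rc=0
  while [ -f "$tmp/c$((i + 1)).pem" ]; do
    want=$(openssl x509 -in "$tmp/c$i.pem" -noout -issuer_hash)
    got=$(openssl x509 -in "$tmp/c$((i + 1)).pem" -noout -subject_hash)
    if [ "$want" != "$got" ]; then
      echo "certificate $((i + 1)) is not the issuer of certificate $i" >&2
      rc=1
    fi
    i=$((i + 1))
  done
  rm -rf "$tmp"
  return $rc
}

# Constructed demo PKI (hypothetical names, no extensions): issue CN=$2 as
# $1.pem, signed by the CA whose key and certificate are $3.key and $3.pem.
issue() {
  openssl req -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1.csr" \
    -subj "/CN=$2" 2>/dev/null
  openssl x509 -req -in "$1.csr" -CA "$3.pem" -CAkey "$3.key" \
    -CAcreateserial -out "$1.pem" -days 30 2>/dev/null
}

demo=$(mktemp -d)
openssl req -x509 -newkey rsa:2048 -nodes -keyout "$demo/root.key" \
  -out "$demo/root.pem" -subj "/CN=Demo Root" -days 30 2>/dev/null
issue "$demo/int1" "Demo Intermediate 1" "$demo/root"
issue "$demo/int2" "Demo Intermediate 2" "$demo/int1"
issue "$demo/leaf" "www.example.com" "$demo/int2"

# Correct bundle: the leaf's issuer first, then that issuer's issuer.
cat "$demo/int2.pem" "$demo/int1.pem" > "$demo/good.pem"
cat "$demo/int1.pem" "$demo/int2.pem" > "$demo/bad.pem"

check_chain_order "$demo/leaf.pem" "$demo/good.pem" && echo "good.pem: order OK"
check_chain_order "$demo/leaf.pem" "$demo/bad.pem" || echo "bad.pem: wrong order"
```

To check real files, call `check_chain_order` with the host certificate and the intermediate bundle you plan to upload; a non-zero exit status means at least one certificate is out of place.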
Understanding SSL Certificate Status in Moovweb
The Moovweb Control Center reports a status for each SSL certificate, giving system administrators information for verification, reference, or reuse, together with the actions associated with that status.
The following are the statuses and actions of SSL certificates in the Moovweb Control Center:
| Status | Action | Description |
|---|---|---|
| (N/A) | Configure | No existing certificate has been uploaded to the system. Start the SSL Certificate wizard. |
| In progress | Continue | The certificate is being provisioned to the Moovweb cloud. The Continue action lets you access the step in the SSL certificate provisioning where pending actions may be needed to complete the process. |
| Completed | Renew | The certificate has been successfully provisioned into the system. From the moment that a certificate is uploaded, the system will track the remaining number of days until the certificate expires using the following visual indications: |
| Completed (Renewing) | Continue | The current certificate is being renewed. You can access the current active certificate’s information, and also access the step in the SSL certificate provisioning where pending actions might be needed to complete the process. |
Setting up SSL Certificate Notifications
Every organization in the Moovweb Control Center can add a technical contact. This contact is automatically registered to receive notifications related to SSL certificate status, and can be contacted by the Moovweb team in cases where direct communication is needed to troubleshoot issues that might affect production sites.
To change the technical contact information, go to the organization’s membership page (click the gear icon next to the Current Account dropdown) and then select ‘Add Technical Contact’.
The system will automatically generate the following notifications for the technical contact:
- Initiate renewal process
- Certificate is 45 days to expire
- Certificate expires.